CVE-2026-5373
Published: 07 April 2026
Summary
CVE-2026-5373 is a high-severity Improper Privilege Management (CWE-269) vulnerability in the runZero Platform. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 12.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-5373 is an improper privilege management vulnerability (CWE-269) in the runZero Platform. It enabled all-organization administrators to promote accounts to superuser status. The issue carries a CVSS v3.1 base score of 8.1 (High), with the vector AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N, and was published on 2026-04-07. The vulnerability was fixed in runZero Platform version 4.0.260202.0.
Exploitation requires high privileges, specifically those of an all-organization administrator, and can be performed over the network with low attack complexity but necessitates user interaction. Successful exploitation allows the promotion of accounts to superuser status, enabling high-impact confidentiality and integrity violations with a changed scope.
runZero's advisories and release notes detail the fix in version 4.0.260202.0. Additional information is available in the release notes at https://help.runzero.com/docs/release-notes/#402602020 and the dedicated advisory at https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-19634
Vulnerability details
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The improper privilege management vulnerability directly enables vertical privilege escalation from all-organization administrator to superuser status via network-accessible account promotion.
Mitigating Controls (NIST 800-53 r5)
AC-6 (Least Privilege): directly counters CWE-269 improper privilege management by enforcing least privilege, preventing all-organization administrators from promoting accounts to superuser status they do not need.
AC-2 (Account Management): manages account privileges and periodic reviews to ensure proper assignment and to avoid unauthorized escalation to superuser by high-privileged administrators.
SI-2 (Flaw Remediation): remediates the specific privilege escalation flaw, fixed in runZero Platform version 4.0.260202.0, through flaw identification and timely patching.